Researchers have cloned the thumbprint of the German Defense Minister
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!Tweet Share on Twitter.
December 30, 2014
Security researchers say they have successfully cloned the thumbprint of German defense minister Ursula von der Leyen by simply photographing her hand at a press conference.
In a presentation at the annual Chaos Computer Club hacker gathering in Hamburg, Germany, biometrics specialist Jan Krisller explained how he'd taken a variety of photographs of Leyen when she gave a press briefing in October.
Krisller used a lens with a focal length of 200 mm and shot the photo from just six feet away he said.
He then used commercially available fingerprint software from VeriFinger to map out the contours of the minister's thumbprint.
To get that into something that could be used on a biometric scanner, Krisller employed the same technique he demonstrated at the conference in 2013 where he successfully defeated Apple's TouchID fingerprint lock.
This hacker technique, first used in the Gummi Bear attack of 2002, employs digital photographs, flexible materials, and laser printers to create false fingerprints.
Krisller inverted the image of Leyen's finger and printed it out on a transparent sheet using as much printer toner as possible.
He then simply poured a thin layer of wood glue over the top which when lifted, captured a print that Krisller was able to use to unlock an iPhone.
But the key question is whether the thumbprint matches von der Leyen's actual digit, and she's unlikely to offer herself up to check...
Some of the geeks from Germany's security service might also want to know more about this.
Krisller said the research inspired him to look at other methods that traditional photography might be used to defeat biometric security, for example, to copy the iris print of German Chancellor Angela Merkel.
He said that simply using high-resolution images from her election campaign materials, it was possible to simply print an image that might fool a basic iris scanner.
Source: Der Speigel.
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!